Troubleshoot common SDS issues
Configuration | Log files | Deployment
Configuration
Troubleshoot with Configuration ManagerIf you're having trouble getting a synchronization to run properly, check Configuration Manager:
- In Configuration Manager, open the XML file and check the data you’re using to configure the sync.
- On the Sync page, click Simulate Sync to confirm you've completed all the required fields.
- On the Notifications page, click Test Notification to confirm you can send a notification.
Log files
Troubleshoot with log filesCheck your logs using Log Analyzer in the G Suite Toolbox. Most issues can be identified quickly.
If errors occur while running a sync, they're captured in a log file.
| Error message | What it means | What to do |
|---|---|---|
|
You are not authorized to access this API. |
You don't have permission to run SDS. |
Confirm you're using G Suite for Nonprofits (includes government agencies) or Education. Enable APIs for Google Classroom and your G Suite domain. For details, see G Suite for Education requirements. |
| There has been an error processing “Classes”. | Your classes.csv file includes a class that's associated with a course not found in the courses.csv. | Remove course mappings from your classes.csv file. Or, make sure your CSV files have a courses.csv file that includes all courses. |
| Permission denied. Please verify that the user set as the owner of the class actually exists. | You removed the primary teacher of a class from the enrollment file. | Transfer the class to another primary teacher. |
| The course is not in a state that allows modification of its properties. | You tried to archive a course that a teacher previously deleted. | Change your class deletion policy to avoid archiving courses. |
| Quota exceeded. | The request rate limit exceeds the Classroom API quota limit. | See Classroom API Usage Limits. |
Deployment
Which ports and URLs do I need for SDS?Note: This information can change over time. For the latest information, check for SDS updates.
SDS currently accesses the following URLs:
| Topic | URL | Port Number |
|---|---|---|
| Authentication | https://www.google.com | 443 |
| All Feeds | https://www.googleapis.com | 443 |
| Certificate Revocation List Processing |
http://www.gstatic.com/GoogleInternet Authority/GoogleInternetAuthority.crl |
80 |
| Certificate Authority | http://crl.verisign.net | 80 |
When connecting to APIs (over HTTPS), SDS needs to validate SSL certificates by connecting (via HTTP) to certificate revocation list (CRL) providers. Sometimes, these validations fail, usually due to a proxy or firewall blocking the HTTP request.
If SDS is unable to connect to the revocation list providers, you may see the following error in your log file:
PKIX path validation failed: java.security.cert.CertPathValidatorException: revocation status check failed: no CRL found
For an up-to-date list of Google IP addresses, run a DNS TXT lookup of the subdomain _netblocks.google.com.
SDS can use a proxy server but can't respond to password challenges. Change your network setup to allow SDS to connect without a password challenge or without a proxy server.
You need a server capable of sending mail to run a simulated sync. If you’re running SDS on a mail server, you can use the IP address 127.0.0.1. Otherwise, contact your mail administrator for the correct mail information.
SDS stores passwords using a 2-way encryption scheme. This protects your sensitive information from casual snooping or reverse engineering.
You may be using a font that's too large for the screen. The dialog box doesn't work with large or extra large fonts. Change your font size or edit your XML file directly.
For more information on using SDS, see the Help Center.
